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Operations of arbitrary arity expressible via addition modulo 2" and bitwise addition modulo 2 admit a simple 
description. The identities connecting these two additions have a finite basis. Moreover, the universal algebra Z/2"Z 
with these two operations is rationally equivalent to a nilpotent ring and, therefore, generates a Specht variety. 

0. Introduction 

, On the set of integers {0, 1, . . . ,q — 1} — Ziq, where q is a power of two, we consider two natural operation; addition 
fS| '■ modulo q and bitwise addition modulo 2. In computer literature, these operations are usually denoted by ADD and XOR; 
(— ( , they are hardware implemented in all modern computers, as far as we know.*) 
' We consider two natural questions. 

1. What function Z^' ^ can be expressed via these two operations? 

2. What identities connect these two operations? 

, Theorem 1 gives a complete answer to the first question; we obtain a simple fast algorithm deciding whether or not an 
' arbitrary given function can be expressed via ADD and XDR. We also calculate the total number of fc-argument functions 
^) , expressible via these two operation (Corollary 1). 

■ We do not give an explicit answer to the second question, but we prove that, for each q, all identities connecting 
\—A : ADD and XOR follow from a finite number of such identities (Theorem 2) and there exists an algorithm writing down 

such a finite basis of identities for any given q (Corollary 2). 
, The problem of existence of finite basis of identities was extensively studied for groups, semigroups, rings, linear 

■ algebras (see, for example, [Ba0188], [Neum69], [Belo99], [VaZe89], [Grish99], [Zaits78], [Keme87], [Kras90], [Laty73], 
m [Lvov73], [01sh89], [Shch99], [GuKrOS], [Kras09], [Speht52] and literature cited therein), but the "applied" algebra 

^ ' with operations ADD and XOR has never been studied from this point of view, as far as we known. 

In algebraic term. Theorem 1 is an explicit description of the free algebras of the variety, generated by the 
' algebra Zg with two binary operations ADD and XOR; Theorem 2 says that this variety is finitely based (i.e. it has a 
] finite basis of identities). See, for example, [Ba0188] or [GA91] for necessary information about varieties of universal 

■ algebras. 

I Most of Notation we use is standard. Note only that the addition modulo q (i.e. ADD) is denoted by +; the bitwise 
7—i • addition modulo 2 (i.e. XOR) is denote by ©. The symbol denotes the ith bit of a number a € Zq; the bits with 

, negative numbers are assumed to be zero. The set {0, 1, . . . , q — 1} = Z^ when considered as a universal algebra 
J>. with operations + and © is denoted by the symbol Aq. The multiplication by integer numbers in Ag is always 
JJ"! , considered as multiplication modulo q. These multiplications are obviously expressed in terms of addition +, for 
rS ' example, 3x = x + x + x and — 3a; = (~3)x = —(3a;) = x + x . . + x^ . 

' 3(g— 1) terjns 

The authors thank an anonymous referee for a lot of useful remarks and pointing out a fiaw in the original proof 
of the main theorem (the easier direction). We also thank A. E. Pankratiev for useful comments. 



1. Definitions and results 

A function /: Aq — >• Aq is called algebraic if it can be expressed via operations + and ©. More precisely, the set Fk^q 
of algebraic fc-argument functions is the inclusion-minimal set of functions, satisfying the following conditions: 

1) the functions f{x, y,. . .) ^ x, f{x, y, . . .) = y, . . . belong to Fk^q] 

2) if functions / and g belong to Fk^q, then the functions f + g and f ® g belong to F^^q. 

The set F^^q of all algebraic k argument functions forms a universal algebra with respect to operations + and ©; this 
is the free algebra of rank k of the variety generated by the algebra Aq. 

Theorem 1. A function f:A^ Aq is algebraic if and only if, for any i, the ith bit of its value is expressed via bits 
of the arguments by a formula of the form 

{f{x, y, ■ ■ = g{x^,y^, Xi-i,y,-i,. . . ; x,-2,yi-2, ...;...) (*) 

This work was supported by the Russian Foundation for Basic Research, project no. 11-01-00945. 
*) Usually, the command ADD is simply called addition, because it is used mostly for obtaining the usual sum of 
positive integers; however, actually the processor performs the addition modulo a large number q (for example, q = 2^^ 
for 32-bit processors etc.). 
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{the bits with negative numbers are assumed to be zero), where g is an independent ofi Zhegalkin polynomial {over 1^2) 
without free term, whose weight does not exceed 1 . 

The weight or the reduced degree of a polynomial in variables Xi,yi,. . . . . . ,Xi-2,yi-2, • ■ • is the max- 

imal weight of its monomials; the weight of a monomial is the sum of weights of its variables; the weight of vari- 
ables Xi-i,yi-i, ... is the number 2~K (Here, i is a formal parameter.) 

Example 1. If q = 8 and fc = 1, then there are exactly four Zhegalkin monomials whose weights does not exceed 
one: Xi (weight 1), Xi-i (weight Xi-2 (weight j), and Xi-iXi-2 (weight |). (Here, we use that no variable occurs 
in a Zhegalkin monomial more than once.) Therefore, there are 2^ polynomials of weight not exceeding one. Thus, the 
algebra i^i s consists of 16 elements. For example, the algebraic function corresponding to the Zhegalkin polynomial 

Xi © Xi-iXi-2 has the form 

f{x) = /(.To, .Ti, X2) = {xq ©X_ia;_2, Xi (SXqX^i, X2 ®XiXo) = {Xo, Xi, X2 ®XiXo) 

(because the bits with negative numbers are zero). In other words, 

/(0)=0, /(1) = 1, /(2) = 2, /(3) = 7, /(4) = 4, /(5) = 5, /(6) = 6, /(7) = 3. 
Theorem 1 makes it possible to construct the following simple 
ALGORITHM determining whether or not a given function /: 1^2" is algebraic (i.e. can be expressed via ADD 

and XOR). 

1. Write the most significant bit (/(x, y, . . of the value of the function / as a Zhegalkin polynomial 
g',(_i(xo, yo) • • • , a^i, yi, . . .) in bits of arguments and verify that the weight of this polynomial (for i = k—X) does 
not exceed one and the free term is zero. If the weight is higher or the free term is nonzero, then exit the program 
with the answer NO. 

2. Make the following substitutions in the polynomial ga-V- 

Xq -S- 0, xi -> Xo, X2 ^ xi, . . . , x^_i x^„2, 2/0 ^0, yi -!> yo, y2 -> yi, . . . , y^-i yx-2, ■ ■ ■ (**) 

and verify that the obtained polynomial coincides with the polynomial giving (x— 2)-th bit of the function /. 
If not, then exit the program with the answer NO; if yes, then continue. 



X — 1. Make substitutions (**) in the polynomial 52 and verify that the obtained polynomial gi coincides with the 
polynomial giving the 1st bit of the function /. If no, then exit the program with the answer NO; if yes, then 
continue. 

X. Make substitution (**) in the polynomial gi and verify that the obtained polynomial go coincides with the 
polynomial giving the least significant bit of the function /. If no, then exit the program with the answer NO; if 

yes, then exit the program with the answer YES. 

It is clear that this algorithm can be easily made uniform with respect to x. 

For example, the function of multiplication of two numbers modulo q cannot be expressed via ADD and XOR (the 
algorithm stops at the first step because of the condition on the weight); this is not surprising, of course. However, 
the one-argument function x i-> xy is algebraic for each given y G Zg, as was already mentioned. 

The proof of Theorem 1 is constructive and gives some algorithm making it possible to express a given function / 
via ADD and XOR (if it is expressible) , but this algorithm is much more complicated. 

Example 1 can be easily generalised. Calculating monomials for any q and fc, we obtain the following assertion. 

CoroUciry 1. The free algebra F^^q comprises 

2H(f+l)(H2)-(f+'=)-l (1) 

elements. 

Proof. In the case where fc = 1, there are precisely | monomials of weight at most one. Indeed, by virtue of the 
uniqueness of binary decomposition of an integer, there exists precisely one monomial of each weight s ■ ^, where 
s£{l,2,...,|}. Namely, this is the monomial 

x,^i,Xi-i,...x,.i^, where s = 2''-i-'i + 2^-1"'^ + . . . + 2^^-!-'", and 2^ = 

This implies that, for any integer fc, the number of monomials of weight at most one coincides with the number of 
nonzero tuples of nonnegative integers (ni, . . . , rife) with sum at most | (here, ■ | is the weight with respect to the 
ith variable). It is well known that the number of such tuples is 

(| + l)(f +2)...(| + fc) 
fc! 

Therefore, the total number of polynomials of weight at most one can be found by formula (1). 
The following assertion is a reformulation of Theorem 1. 
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Theorem 1'. A function f: A'^ — > Aq is algebraic if and only if it can he written in the form 



fix, y, . . .) = ii^'-'x) © (2'=-^x) ... (2''.iy) {2'--y) . . .) 



where the inequality 2"''-i + 2^'^'^^ + . . . + 2"'-i + 2"''.2 + . . . ^ 1 holds for each i. 

Henceforth, the symbol denotes the bitwise multiplication modulo 2 (conjunction). 

As for identities, we note first that, with respect to each of the operations + and 0, the algebra Aq is an abelian 
group of exponent q and 2, respectively. Therefore, all identities involving only one of these two operations follow from 
the identities 

{x + y) + z = X + {y + z), x + qy = x, x + y = y + x, {x ® y) ® z = x ® {y ® z), x ® {y ®y) = x, x®y = y®x. 

Identities involving the both operations are more complicated. The simplest example of such identity is qx = x®x which 

expresses the coincidence of the zero elements of these two group structures. A less trivial example is ^{x+y) = |(a;©y) 
(this identity expresses the coincidence of the additions + and ® at the least significant bit). 

Theorem 2. For any integer power of two q, the algebra Aq has a finite basis of identities. Moreover, the algebra Aq 
generates a Specht variety.*^ 

The finiteness of an algebra per se does not implies the finiteness of a basis of its identities. A finite basis of 

identities exists for each finite group [OaPo64] (see also [Neum69]), each finite associative or Lie ring ([Lvov73], 
[KruseTS], [Ba0175]), but not for each finite semigroup and not for each finite ring (see [Ba0188]). 

To prove Theorem 2, we use well-known nilpotency arguments rather than the finiteness. It is known that a 
finite basis of identities exists for any nilpotent ring (i.e. a ring in which all sufficiently long products vanish) and any 
nilpotent group (i.e. a group in which all sufficiently long multiple commutators equal to one) (see [Neum69]). The 
algebra Aq is neither a group nor a ring. However, it turns out that this algebra is rationally equivalent (in the sense of 
Mal'tsev) to a nilpotent ring, i.e. the algebra Aq can be endowed with a structure of nilpotent ring in such a way that 
the addition and multiplication of the ring can be expressed via operations + and ® and vice versa: the operation + 
and © can be expressed via the addition and multiplication of the ring. 

Theorem 3. The algebra Aq is rationally equivalent to a nilpotent commutative nonassociative ring (Zg, ®, o). The 
addition © is the usual bitwise addition modulo two, the multiplication o is defined by the formula x o y = 2{x Q y) , 
where is the bitwise multiplication modulo two (conjunction), and the multiplication by two is the multiplication 
by two modulo q, i.e. the shift of digits. 

In the following section, we prove Theorem 1. In section 3, we prove Theorem 3, which immediately implies 
Theorem 2, because any nilpotent ring has a finite basis of identities (and generates a Specht variety). 

2. Proof of Theorem 1 

The clement [x,y] x (B y (B (x + y) is called the commutator of the elements x,y G Aq. The commutator is the 
difference between the sum © and the sum + of two elements; the ith bit of the commutator [x, y] is the carry to the 
ith digit during execution of the standard addition algorithm for x + y. 

The following lemma is well known and widely used in electronic adders. 

Proposition 1. The bits of the commutator satisfies the equality 



[x,y]i = Xi-iyi-i © [x,y]i-i{xi-i ©t/j-i). 



(2) 



Proof. The carry Ci 



[x, y]i to the ith bit is formed as follows: 




1, if among three bits a;j_i, Ci_i the majority (i.e. two or three) is ones; 
0, if among three bits Xi-i,yi-i, Cj_i the majority is zeros. 



The Zhegalkin polynomial for this Boolean function is 



Ci = Xi-iyi-i ® yi-iCi-i © Ci-iXi-i = Xi-iyi-i © Ci-i{xi-i © y^-i) 



as required. 



This means that any algebra of signature (+, ©) satisfying all identities of the algebra Aq has a finite basis of 
identities. 
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Formula (2) can be rewritten in the form [x,y] = 2{x Q y (B [x,y] Q {x (B y)) or (applying distributivity of the 
multiplication by two with respect to and © and distributivity of © with respect to ®) in the form 

{2x) © (2y) = [x, y] © {2[x, y]) © (2x) © {2[x, y]) © {2y). (2') 

Using formula (2), it is easy to show that the ith bit of the sum x -\- y = x ® y ® [x,y\ can be evaluated as 

{x + y)i =Xi®yi® Xi-iyi-i © Xi-iXi-2yi-2 © yi-iXi-2yi-2 © . . • = the sum of all monomials of weight 1. (2") 

Now, we proceed to prove Theorem 1. Let M be the set of all functions — > Aq of the form (*). We have to 

prove two assertions. 

1. Any function from Fk^q belongs to M; 

2. Any function from M belongs to Fk,q. 

The first assertion is easy to verify. The functions f{x, y, . . .) = x. /(.x, y, . . .) = y, . . . belong to Af, since the corre- 
sponding Zhegalkin polynomials Xi, yi, ■ ■ ■ have weight one. Suppose that some functions f{x, y, ■ ■ ■) and g{x, y, ■ ■ ■) 
belong to M, i.e. 

{f{x, y, ■ ■ = F{xi, yi,...; Xi-i,yi-i, ...;...), {g{x, y, . . = G{xi, yi,...; Xi-i,yi-i, ...;...), 

where F and G are Zhegalkin polynomials of weight at most one and without free term. Then 

{f{x, y,...)® g{x, y, . . = F{xi, yi,...; Xi-i,yi-i, ...;...)© G{xi,yi, ...; Xi-i,yi-i, ...;...) 

and the weight of this Zhegalkin polynomial is at most one, i.e. f (B g & M. According to (2"), The ith bit of the 
function f + g \s 

[f + g)^ = F®G® F'G' © F'F"G" © F"G'G" © . . . , 
where the polynomial H' is obtained from H = H{xi, yi,. . .; Xi-i,yi-i, ...;...) by the shift of all bits: 

H'{xi,yi, . . .;Xi-i,yi-i, ...;...)= H{xi-i,yi-i, . . . ; Xj_2, ?/i-2, ...;...)• 

The weight of H' is at most half of the weight of H. Thus, the weight of 

F © G © F'G' © F'F"G" © F"G'G" © . . . 

is at most one and f + g G M. 

The remaining part of this section is the proof of the second assertion. 

A multiple commutators of complexity n is a formal expression in variables x,y,. .. defined by induction as the 
follows: 

each variable is a multiple commutator of complexity 1; 

an expression [u, v] is a multiple commutator of complexity n if the expressions u and v are multiple commutators 

and the sum of their complexities is n. 
An obvious induction shows that a multiple commutator vanishes if at least one of the involving variables vanishes. 

The depth d{w) of a multiple commutator w is also defined by induction: 

d{x) = if a; is a variable; 

w]) — TiidiX.{d{u) T d{v)) + 1. 
For instance, the multiple commutator [[a;,y], [[2:,f],a;]] has complexity 5 and depth 3. 

Lemma 1. Tiie ith bit of a multiple commutator w vanishes if i < d{w). 

Proof. We use induction on depth. For depth 0, the assertion is true. Suppose that d{u) lower bits of a multiple 
commutator u and d{v) lower bits of a multiple commutator v vanish. Then formula (2) implies that max{d{u), d{v)) + l 
lower bits of [u, v] vanish, as required. 

Lemma 2. The depth of a multiple commutator of complexity at least 2" is at least n. 

Proof. We use the induction on n. A multiple commutator of complexity 1 (i.e. a variable) has depth 0. A multiple 
commutator w of complexity ^ 2", where n ^ 1, has the form w = [u, v]. At least one from the multiple commutators 
u or u has complexity > 2"~^ (otherwise, the complexity of w would be less than 2"). By the induction hypothesis, 
the depth of this multiple commutator is at least n — 1. This implies that the depth of w is at least n by the definition 
of depth. 
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Lemma 3. In Ag, all multiple commutators of complexity ^ q vanish. 

Proof. By Lemma 2, the depth of such a multiple commutator is at least log2 q and, therefore, all bits of this multiple 
commutator vanish by Lemma 1. 

Proof of theorem 1'. It is sufficient prove that any expression 

(2'=ia;) (2^^a;) ... (2'^t/) . . . , where 2-'''-' + 2-'=*'^ + . . . + 2-'*'i + 2-'*-^ + ...<!, 

is expressible via and +. Let us prove a more strong assertion: any expression of the form 

f = (2'=u) (2'u) {2"'w) . . . , where 2'^ + 2"' + 2'"^ + . . . ^1 and u,v,w, . . . are multiple commutators (3) 

is expressible via ® and + (and variables). 

Suppose the contrary. Then there exists an expression of the form (3) inexpressible via © and + and such that 
the inequality becomes the equality: 

2-fe _|_ ^ 2"™ + . . . = 1, (4) 

Indeed, 1 — (2"*^ + 2~' + 2""* + . . .) is a fraction of the form where k is the maximum of numbers k, l,m,.. ., and, 
hence, the expression 

/ (2'^w) ... (2'=u) 
^ V ' 

5 factors 

gives the same function as /, but the inequality transforms into the equality. Note that 2x = [x, x] and, hence, 2''u is 
a multiple commutator provided u is a multiple commutator. 

Let us choose among all nonalgebraic (not expressible via © and +) expressions (3) satisfying the equality (4), 
all expressions with minimal number of factors. Among all such minimal-length expressions, we choose an expression 
with the maximal sum of complexities of commutators v, v, w, .... Such an expression / exists by Lemma 3. 

The number of factors in this expression is at least two, because a multiple commutator can be expressed via © 
and + by definition. Equality (4) implies that the two largest among exponents k,l,m,... are equal. Let us assume 
that k = I. 

Using identity (2'), we obtain 

(2'=u) (2'=w) = (2 • 2''-\) (2 • 2'=-iu) = 

= [2''-\j.. 2''-^v] © (2[2'=-iu, 2'=-!^]) (2 2''-^u) © {2[2''-'^u, 2''-'^v]) (2 • 2''-'^v) = 
= 2''-'[u,v] © {2''[u,v]) • (2'=w) © {2''[u,v]) (2^=^;) 

Therefore, expression (3) is the sum of three terms: 

/ = ((2'^-^f) (2"w;) . . . ) © (^{2H) (2'^m) (2"m;) . . . ) © ((2^) {2''v) {2"'w) . . . ) , where t = [u, v]. 

All three terms satisfy equality (4). 

The first term is algebraic, because its length (the number of factors) is less than the length of the initial 
expression /, whose length is minimal among all nonalgebraic expressions (3) satisfying equality (4). 

The second and third terms have the same length as /, but their total complexity is higher (because the complexity 
oi t = [u,v] is one higher than the sum of complexities of u and v). Therefore, they are also algebraic by the choice 
of /. Thus, the expression / is algebraic as the sum of three algebraic terms. This contradiction completes the proof 
of Theorem 1' (and of Theorem 1). 

3. Proof of Theorems 3 and 2 

To prove Theorem 3, note that the algebra Zg with the operations © and o is, indeed, a nilpotent commutative 
nonassociative ring. The commutativity of the multiplication o is obvious; the distributivity of the multiplication with 
respect to the addition © is obvious too. The nilpotency also holds: {{. . . {x o y) o z) o . . . = if the number of factors 
is at least log2 q. Note that the nilpotency index is generally large than log2 q, but it is at most q, i.e. any product 
of q elements (with any arrangements of brackets) vanishes. This can be shown similarly to Lemma 2 (the depth is at 
least logarithm of the length for any arrangements of brackets). 

The multiplication x oy = 2{x Qy) = {2x) (2y) is expressible via + and © by Theorem 1'. It remains to prove 
that the addition + is expressible via the ring operations © and o. 

Note that + can be expressed via commutator and © (by the definition of the commutator): 
X + y = X ® y ® [x,y]. Therefore, it is sufficient to express commutator via © and o. 
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Lemma 4. For any positive integer k, the commutator [x, y] can be written in the form 

[x, y] = fk{x, y) ® [x,y] o {x ® y) o {x ® y) o . . . o {x ® y), (5) 
V « ' 

fc+l factors 

where fk is a polynomial {in the sense of multiplication o and addition ©). Henceforth, we assume that, in multiple 

products, all brackets are shifted to the left, for example, aobocod'^= ((a o b) o c) o d. 

Proof. If A; = 1, then the required decomposition follows from the identity (2'): 

[x,y]=xoy®[x,y]o{x®y). (6) 

For larger k, we use induction: having identity (5) for some k, we substitute identity (6) in it the right-hand side of (5) 
and obtain 

[x, y] = fk{x, y) ® {x o y ® [x,y] o {x ® y)) o {x ® y) o {x ® y) o . . . o {x ® y) = 

= fk{x,y) ® X o y o {x ® y) o {x ® y) o . . . o {x ® y) ® [x,y] o {x ® y) o {x ® y) o {x ® y) o . . . o {x ® y) , 

V ' ^ ^ ' 

fk+i{x,y) k+2 factors 

as required. 

Applying Lemma 4 for fc = log2 q and using the nilpotcncy of the ring, we obtain an expression of the commutator 
via © and o, namely, [x, y] = /loga 9(2^) u) that completes the proof of Theorem 3. 

Theorem 2 follows immediately from Theorem 3 and the following well-known fact. 

Theorem (see [Ba0188]). Each nilpotent ring has a finite basis of identities. 

Remark. The proof of the existence of a finite basis for the identities of nilpotent rings shows that all identities of 
such a ring follows from the identities involving at most n variables, where n is the nilpotency index, i.e. a number 
such that all products of n elements (with any arrangements of brackets) vanish. This implies the following fact. 

Corollary 2. All identities of the algebra Aq follows from the identities involving at most q elements. There exists 
an algorithm that, for any given q = 2^ , write out a finite basis of identities of Ag. 

This basis consists of the addition tables (for -|- and ©) of the free algebra Fq^g. 
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